PublicDateAtUSN: 2014-06-05 12:00:00 UTC
Candidate: CVE-2014-0221
CRD: 2014-06-05 12:00:00 UTC
PublicDate: 2014-06-05 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
 https://www.openssl.org/news/secadv_20140605.txt
 https://ubuntu.com/security/notices/USN-2232-1
Description:
 The dtls1_get_message_fragment function in d1_both.c in OpenSSL before
 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote
 attackers to cause a denial of service (recursion and client crash) via a
 DTLS hello message in an invalid DTLS handshake.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Imre Rad
Assigned-to: mdeslaur
CVSS:

Patches_openssl:
upstream_openssl: released (1.0.1h)
lucid_openssl: released (0.9.8k-7ubuntu8.18)
precise_openssl: released (1.0.1-4ubuntu5.14)
saucy_openssl: released (1.0.1e-3ubuntu1.4)
trusty_openssl: released (1.0.1f-1ubuntu2.2)
trusty/esm_openssl: released (1.0.1f-1ubuntu2.2)
devel_openssl: released (1.0.1f-1ubuntu4)

Patches_openssl098:
upstream_openssl098: released (0.9.8za)
lucid_openssl098: DNE
precise_openssl098: released (0.9.8o-7ubuntu3.2)
saucy_openssl098: released (0.9.8o-7ubuntu3.2.13.10.1)
trusty_openssl098: released (0.9.8o-7ubuntu3.2.14.04.1)
trusty/esm_openssl098: DNE (trusty was released [0.9.8o-7ubuntu3.2.14.04.1])
devel_openssl098: released (0.9.8o-7ubuntu4)